An application programming interface (API) operates by exposing entry points to logic, services, and data. API management services can track APIs that utilize backend data/services, and provide fine control of the usage of the backend data/services (e.g., by handling each API call). Implementing an API management service locally is often resource intensive. An alternative approach is contracting with a third party (e.g., a party other than a service provider or client application) to provide API management services. However, in some instances, a third party is not permitted to handle API calls and/or transmit data/services due to security and or compliance regulations (e.g., HIPAA, Gramm-Leach-Bliley Act, Homeland Security Act, etc.). Thus, there is a need for an API management system that secures data transmissions, accommodates security and compliance regulations, and provides robust API management features in a manner that reduces the need for local computing resources.